Mapping Groups from Jumpcloud

In the above post we set up Jumpcloud SAML SSO auth to use Keycloak as the SP.
In addition, it is sometimes helpful to include your jumpcloud groups in the SAML token. The following instructions should help enable this.

Configure Jumpcloud start by configuring your group to use the SSO App you created for SAML

Screenshot 2022-11-26 at 11.51.30.png

Now update your SAML app to include group information: Go to your SSO App click on the SSO Tab and scroll to the bottom tick the box for Group Attributes give it a name like memberOf (can be any name but you will need this for keycloak) click save

Screenshot 2022-11-26 at 12.00.33.png

Configure Keycloak Open Keycloak admin portal for your realm Click on Roles and create a new role e.g. saml-group

Screenshot 2022-11-26 at 12.04.42.png

Click on Identity Providers and select the provider you created earlier (see above blog post) Click on the Mappers tab Click Create Give it a name e.g. saml-group select Sync Mode Overrride equal to force (this updates the groups associated with this account on every login) Create a new Attributes using the Jumpcloud Group Attributes identifier, in this case memberOf as the key and your Jumpcloud group name as the key Set Regex Attribute Values to On Under Role, choose the role you created

Screenshot 2022-11-26 at 12.11.52.png

heh, we have enough trouble keeping up with Netflix!

@admin would an IPv6 only VM work for you? In case I may arrange something